org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.8%.
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via. Rated low severity (CVSS 3.3). No vendor patch available.